code423n4 (Code4rena) CODE423N4:2023-08-LIVEPEER-FINDINGS-ISSUES-159
Sep 06, 2023 - 12:00 a.m.

On hitting the ceiling, the Bonds Manager reconfigures itself to stop collecting the treasury cut, but has no inverse logic


Lines of code

Vulnerability details

Impact

The bonds manager configures itself to stop collecting the treasury reward cut if the balance in the treasury is above the configured ceiling. But resetting it is managed manually by the admin account.

The execution of proposals is based on funds in the treasury. So, if frequent execution of proposals drains the funds quickly, there should also be logic to restore the treasury reward cut as soon as the treasury balance falls below a certain threshold.

Making this adjustment manual means losing transactions that could have contributed to the treasury had the cut been restored automatically.

Proof of Concept

Once the treasury reward cut rate is set to 0 through _setTreasuryRewardCutRate, only the controller can set it back.

    if (treasuryBalanceCeiling > 0) {
        uint256 treasuryBalance = livepeerToken().balanceOf(treasury());
        if (treasuryBalance >= treasuryBalanceCeiling && nextRoundTreasuryRewardCutRate > 0) {
            // halt treasury contributions until the cut rate param is updated again
            _setTreasuryRewardCutRate(0);
        }
    }

The event fired when the rate is set is also not very helpful for off-chain monitoring.

    function _setTreasuryRewardCutRate(uint256 _cutRate) internal {
        require(PreciseMathUtils.validPerc(_cutRate), "_cutRate is invalid precise percentage");

        nextRoundTreasuryRewardCutRate = _cutRate;

        emit ParameterUpdate("nextRoundTreasuryRewardCutRate");
    }

Tools Used

Manual Review

Recommended Mitigation Steps

  1. Make the event more explicit to indicate the direction of change in the rate.
  2. Just as there is a ceiling for treasury rewards, there should also be a floor; if it is touched, the treasury reward cut should be enabled.

This is important because manual action may take some time, losing potential cuts from transactions in between.
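
A sketch of both mitigation steps together, added here as an example and not taken from the Livepeer code base. The floor, the saved restore rate, the event, the IBalanceOf interface and the contract name are hypothetical; percentage validation is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IBalanceOf { function balanceOf(address account) external view returns (uint256); }

// Illustration only: ceiling halts the cut, floor resumes it (hysteresis),
// and every change emits old and new values for off-chain monitoring.
contract TreasuryCutHysteresis {
    IBalanceOf public immutable token;
    address public immutable treasury;
    uint256 public treasuryBalanceCeiling;        // halt contributions at or above this
    uint256 public treasuryBalanceFloor;          // hypothetical: resume at or below this
    uint256 public nextRoundTreasuryRewardCutRate;
    uint256 public restoreTreasuryRewardCutRate;  // hypothetical: rate saved by an automatic halt

    // Hypothetical event: a monitor can tell a halt (newRate == 0) from a
    // resume (oldRate == 0) without reading storage.
    event TreasuryRewardCutRateChanged(uint256 oldRate, uint256 newRate, uint256 treasuryBalance);

    constructor(IBalanceOf _token, address _treasury, uint256 _ceiling, uint256 _floor, uint256 _cutRate) {
        require(_floor < _ceiling, "floor must be below ceiling");
        token = _token;
        treasury = _treasury;
        treasuryBalanceCeiling = _ceiling;
        treasuryBalanceFloor = _floor;
        nextRoundTreasuryRewardCutRate = _cutRate;
    }

    // Stand-in for the per-round check quoted in the Proof of Concept.
    function checkTreasuryBalance() external {
        uint256 balance = token.balanceOf(treasury);
        uint256 current = nextRoundTreasuryRewardCutRate;
        if (current > 0 && balance >= treasuryBalanceCeiling) {
            restoreTreasuryRewardCutRate = current; // remember what to go back to
            _setTreasuryRewardCutRate(0, balance);
        } else if (current == 0 && restoreTreasuryRewardCutRate > 0 && balance <= treasuryBalanceFloor) {
            // Only a halt made by the ceiling check is undone; a zero rate set
            // any other way leaves restoreTreasuryRewardCutRate at 0.
            _setTreasuryRewardCutRate(restoreTreasuryRewardCutRate, balance);
            restoreTreasuryRewardCutRate = 0;
        }
    }

    function _setTreasuryRewardCutRate(uint256 _cutRate, uint256 balance) internal {
        emit TreasuryRewardCutRateChanged(nextRoundTreasuryRewardCutRate, _cutRate, balance);
        nextRoundTreasuryRewardCutRate = _cutRate;
    }
}
```

Keeping the floor strictly below the ceiling prevents the rate from flapping between 0 and its previous value when the balance hovers around a single threshold.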

Assessed type

Other

